Security Basics mailing list archives

Re: Securing Printers

From: "Frank T. Clark" <fclark () lanl gov>
Date: Tue, 16 Nov 2004 15:37:45 -0700

I'd like to add to this that in most of the new HP printers, and some ofthe old ones, there is a "RAM DISK" that is NFS world read/write.

The newer units can turn this off via the web configuration tool, the olderones you need to use the buttons on the console and the old menu system, ortelnet in.

I can think of 1 fun little exploit for the printers (look on ./ for hp
printer hack, posted April fools day last year)...... Changing the
screen on the printers can cause chaos.

This is even easier to do now thanks to WebJetDirect and ppl who don'tsecure their printers with passwords.

Aside, I'd like to hear more about priv escalation on printers.

Current thread:

Securing Printers Bryce Embry (Nov 15)
- RE: Securing Printers Yvan G.J. Boily (Nov 15)
  - Re: Securing Printers Virgo Pärna (Nov 16)
- RE: Securing Printers David Gillett (Nov 15)
- Re: Securing Printers Ed Donahue (Nov 16)
  - Re: Securing Printers Zurt (Nov 16)
  - Re: Securing Printers Matthew Romanek (Nov 16)
    - RE: Securing Printers Corey Watts-Jones (Nov 19)
- Re: Securing Printers Jonathan Kline (Nov 16)
  - Re: Securing Printers Frank T. Clark (Nov 16)
- Re: Securing Printers xyberpix (Nov 16)
- Re: Securing Printers Peter Wan (Nov 16)
  - Re: Securing Printers Spigga (Nov 16)
- <Possible follow-ups>
- RE: Securing Printers Julen C (Nov 16)
- RE: Securing Printers Dubber, Drew B (Nov 16)
- RE: Securing Printers Dante Mercurio (Nov 17)
  - RE: Securing Printers Samuel Petreski (Nov 18)
    - Re: Securing Printers Adam Jones (Nov 19)
- RE: Securing Printers Herbold, John W. (Nov 19)
  - RE: Securing Printers Corey Watts-Jones (Nov 22)

(Thread continues...)